CVE-2023-44390

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 5, 2023

Updated: Oct 12, 2023

CWE ID 79

Summary

CVE-2023-44390 is a vulnerability affecting the HtmlSanitizer library used for cleaning HTML fragments in .NET applications. When the library is configured to allow `svg` or `math` elements, it becomes susceptible to XSS attacks, as an attacker could inject arbitrary HTML, including malicious JavaScript code, bypassing the sanitization process. This issue has been mitigated in versions 8.0.723 and 8.1.722-beta (preview) of the library. By default, the vulnerability does not exist.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HtmlSanitizer Project HtmlSanitizer

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s0vxHd
https://www.cve.org/CVERecord?id=CVE-2023-44390
https://nvd.nist.gov/vuln/detail/CVE-2023-44390

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2023-44390

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations